Wednesday 

Room 1 

16:20 - 17:20 

(UTC+01

Talk (60 min)

Using developer-centric data to predict, prioritize, and improve Application Security Outcomes

Most application security programs and initiatives stem from the security team and are passed to development teams. They are born outside the constraints and realities under which software is built. More often than not, these initiatives encounter resistance, friction, or challenges that impact their sustainability and effectiveness, particularly when applied to larger development organizations.

Application Security
Big Data
Security
People

These challenges are visible when reviewing the progress and evolution of DevSecOps approaches over the past ten years and how our teams have reverted to more siloed approaches despite the solid intentions and patterns defined within the DevSecOps concept.

Using data about our software teams, their behaviors, lifecycles, and projects, can we identify which application security initiatives to implement first and which are most likely to succeed and improve overall outcomes? In addition to this, can taking a developer-centric view of these programs encourage meaningful collaboration between security and software teams based on shared contextual understanding?

Laura Bell

Laura Bell Main is recognized as a global leader in developing secure software. As the CEO of SafeStack, a leading secure development education platform, she helps software development leaders worldwide engage their entire team in cyber security. She is the co-author of "Agile Application Security" (O’Reilly Media) and "Security for Everyone" (Holloway).

Her work has been featured in many international publications, including WIRED and MIT Tech Review. She has presented at Black Hat USA and RenderATL, as well as at leading international software development and cyber security conferences.